From fd010b67075652dea906c9805cb76cf364f0c994 Mon Sep 17 00:00:00 2001
From: Aaron Barnard <abarnard@protonmail.com>
Date: Wed, 10 Aug 2022 16:34:10 +1000
Subject: [PATCH] Add invalid rune checks

---
 src/index.ts | 10 +++++++---
 src/utils.ts |  3 +++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index e923f23..c92f281 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,9 +1,10 @@
 import { Base64Binary } from './base64'
-import { binaryHashToHex, operatorToDescription, runeOperatorRegex } from './utils'
+import { binaryHashToHex, invalidAscii, operatorToDescription, runeOperatorRegex } from './utils'
+import type { DecodedRune } from './types'
 
 export * from './types'
 
-export const decode = (rune: string) => {
+export const decode = (rune: string): DecodedRune | null => {
   const runeBinary = Base64Binary.decode(rune)
   const hashBinary = runeBinary.slice(0, 32)
   const hash = binaryHashToHex(hashBinary)
@@ -13,12 +14,15 @@ export const decode = (rune: string) => {
 
   const id = uniqueId.split('=')[1]
 
+  // invalid rune checks
+  if (!id) return null
+  if (restrictionStrings.some(invalidAscii)) return null
+
   const restrictions = restrictionStrings.map((restriction) => {
     const alternatives = restriction.split('|')
 
     const summary = alternatives.reduce((str, alternative) => {
       const [operator] = alternative.match(runeOperatorRegex) || []
-
       if (!operator) return str
 
       const [name, value] = alternative.split(operator)
diff --git a/src/utils.ts b/src/utils.ts
index 008f7b8..b6183c5 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -38,3 +38,6 @@ export const operatorToDescription = (operator: string): string => {
       return ''
   }
 }
+
+export const invalidAscii = (str: string): boolean =>
+  !![...str].some((char) => char.charCodeAt(0) > 127)